
New ‘XLoader’ Malware Strain is a Serious Concern for macOS Users

Ross Kelly


Research from Check Point shows a strain of malware derived from ‘Formbook’ is being used to target macOS users.

XLoader, a potent malware strain used to steal information from macOS users, is being sold on the dark web for as little as $49 (£35), according to new research.

A study conducted by Check Point Research found that hackers are snapping up licenses for the new malware strain to harvest log-in credentials, collect screenshots and log keystrokes on macOS devices.

According to security researchers at the firm, the new strain is derived from the infamous ‘Formbook’ malware family, which largely targeted Windows users.

While Formbook disappeared in 2018, last year it was rebranded to XLoader. Over the past six months, researchers said the new strain has been used to devastating effect, targeting both Mac and Windows users indiscriminately.

More than half (53%) of XLoader victims so far have been based in the United States, but users in Europe are also falling foul of the malware.

XLoader’s popularity among cybercriminals has risen sharply since the beginning of 2021, researchers noted, with hackers in 69 countries submitting requests for the malware via the dark web.

“This malware is far more mature and sophisticated than its predecessors, supporting different operating systems, specifically macOS computers,” said Yaniv Balmas, Head of Cyber Research at Check Point Software.

“Historically, macOS malware hasn’t been that common. They usually fall into the category of ‘spyware’, not causing too much damage.”

Balmas added that there is a perception among macOS users that Apple devices are more secure than other platforms, and this could be contributing to the rise in attacks.

“I think there is a common incorrect belief with macOS users that Apple platforms are more secure than other more widely used platforms. While there might be a gap between Windows and macOS malware, the gap is slowly closing over time,” he said.

“The truth is that macOS malware is becoming bigger and more dangerous. I personally anticipate seeing more cyber threats following the Formbook malware family,” Balmas noted.


With more than 100 million Macs in use globally, CPR said the malware now represents a significant threat to all users. Given the ever-rising popularity of macOS platforms, Balmas said it “makes sense” for cybercriminals to show more interest in this domain.

To counteract the rise of XLoader, CPR urged users to remain vigilant when using devices. The malware is commonly spread by spoofed emails which lure victims into downloading and opening malicious files, researchers warned.

XLoader Prevention Tips

According to CPR, to avoid infection, Mac and Windows users should never open suspicious attachments and avoid visiting suspicious websites. Using third-party software to identify and prevent malicious behaviour on devices is also a key recommendation.

Since XLoader is “stealthy by nature”, CPR warned that it may be difficult for “non-technical” eyes to recognise the tell-tale signs of whether a device has been infected, enabling hackers to fly under the radar with relative ease.

“If you suspect you have been infected it would be wise to consult with a security professional or use third party tools and protections designed to identify, block and even remove this threat from your computer,” the firm said in a statement.

Ross Kelly

Staff Writer
